It's a Doozy!
http://whencanireusethiscalendar.com/
Now you can go digging through that chest of crap from the 1990s and pull out your favorite cute puppies calendar. In 2010, you can re-use calendars from 1999, 1993, 1982, 1971, 1965, 1954, 1943, and 1937.
Today I took a 2.7 hour flight on the Big Island of Hawaii. Emily was riding in the back seat and the CFI was a gent named Hawk from Hawaii Flight Academy.
The flight was gorgeous scenery of course, but I left most of the sightseeing and photo taking to Emily as I handled the controls.
The weather was exceptionally good. We were able to see all three mountain tops when most tours are lucky to see one or two from the coast. Our counter-clockwise trip took us over the active lava flows where Hawk took the controls and flew lower Part 136 altitudes while Emily and I ogoled the natural wonder.
After that, I took the controls again and we headed toward Hilo, brushing the underside of broken clouds around 3,000. On the far side of Hilo, we angled upslope to avoid incoming rain, but then I let hawk take the the controls and take us on the more scenic trail through the rain and low/no visibility.
Coming around the north side, the skies were clear, but we got a bout of light turbulence. Emily was mildly shaken, but I did a very good job holding altitude within 50 feet of 1,500. The downdrafts downwind of the saddle caught me off guard and I had to take decisive action when I noticed we had glided from 1,500 down to 1,100.
I told the instructor early on that I’d want him to do the landing if the crosswinds were too strong. After all, the most important things in my world were riding in that plane. When we set up for a long final at about 20 degrees left of the runway, we agreed that the landing would be doable.
We were following a light plane doing a touch and go and we were some distance ahead of a larger jet. I maintained centerline fairly well, but flared too much and ballooned the touchdown. I made a good stabilizing re-approach at wingspan height, adjusting for crosswind, and set it down with enough room to take H taxiway back to the fuel station.
This is also the first time I was directly involved in a refuel. This isn’t your Chevron filling station. Well, okay, it was *a* Chevron filling station, but the everything involved was much beefier.
Check out more photos as well as a geotagged photo map from our trip.
Today I flew 1.3 hours with John La Porta. This is my third lesson with him and my 6th overall. Aviation has been a dream and a goal of mine since I was very young and I decided it was time to realize that goal when I met a friend who happened to be a CFI (certfied flight instructor).
After preflight, I asked John if we could focus on landings today. He agreed and asked me to tell him what I know so far about landing a small craft. After discussing for several minutes, he gave me the list of steps we would take during a landing which I jotted down.
On our first go round, we came around too steep so my instincts told me to nose up. It was on this landing that I got my first real lesson on flying “the back side of the curve.” The little Cessna C-150 took the bounce surprisingly well. We settled it down and then re-applied full throttle to take off again. Surprised that my sucky landing didn’t snap the wings off, we climbed albeit a bit unsteadily.
John took us out over Redmond so we could discuss landings further and get me more proficient at firm rudder control. Previosly, I was unaware of the amount of spring in the rudder controls. You can (and should) depress both pedals simultaneously a few inches to keep the rudder from being blown about.
We also simulated several patterns. I continue to be impressed by. The tight turning radius this thing is capable of in slow flight. I need more hours to ge used to it’s capabilities.
We returned to BFI for four more landings. Each one was incrementally better, despite a notable crosswind.
It was very comforting to see the runway come into alignment and realize that I am naturally crabbing 15 degrees to maintain centerline without any effort.
My final landing stuck fairly well. I was mostly able to let go of my instinct to control altitude with the nose and instead use throttle with angle of attack controlling airspeed.
I have a long way to go, but this was perhaps the most instructive lesson to date.
(apologies for typos and grammar. Written on iphone, editing later on)
Last weekend Washington state just upped its liquor prices an average of 13% per bottle in a bid to help fill its 6 billion dollar budget gap. The estimated proceeds from the increase in liquor tax should cover about 1.3% of the budget shortfall. The problem is, I don’t think they will take in nearly as much as they have estimated.
It hasn’t even been a week and I’m already hearing several people talking about making booze runs down to Portland, Oregon. A casual web search reveals some insightful answers.yahoo.com advice suggesting there is no peril in shuttling copious quantities of booze across state lines, but I remain dubious. However, with over 75% of the cost of a bottle now profits to the state, it will become harder for people to resist a little bit of sales and use tax evasion.
I hate to say it, but it will probably take a horse’s ass to spearhead an initiative to reduce state liquor taxes. It can’t be many more years before people start whining about the ever-increasing rates in general and I know someone will come riding in on their white horse to rescue the taxpayer’s hard-earned dollar once the general consensus agrees that the economy has sufficiently recovered.
Photo credit Thomas Hawk
This morning I received a call from a gent with a Boston accent. He indicated that he represents a firm that is displeased with some data I’m using on isnoop.net. According to the caller, my theater listings page is using his client’s intellectual property and I’m not properly licensed to do so. The lawyer seemed nice enough. Perhaps I should have kept him on the phone longer so he could tick up some more billable hours…
Like some other things I’ve developed, theater listings was a simple service I wrote for myself to clean up an otherwise cluttered interface and make the data available in my favorite feed reader. Over the years, many people have written with questions and thanks regarding the page. Thank you to everyone who used the service. I hope you might find some of my other tools just as useful.
As of now, the theater listings page is closed. If you still want this information in your web browser, check out Google’s movie listings service. For you feed reader junkies, Yahoo Pipes is widely known as a useful service for turning any web page into an RSS feed.
I’ll investigate the possibility of re-sourcing the data, but don’t get your hopes up. Also, for those who are already firing up their email clients to ask me for the source code, hold your horses. I’ve been working up a post on ethical screen scraping and now I can finally share it without being hypocritical. I won’t share the source, but look forward to an interesting and useful guide to capturing and reusing data on the web, including some advice that should help prevent you from getting your own C&D.
As with most of my web toys, FeedSifter.com started off as a tiny tool that served a very simple need I had. Assuming a handful of people might have the same need, I publish most of these utilities and some of them actually manage to become fairly popular.
FeedSifter is a simple service that allows you to filter an RSS or ATOM feed for various keywords. There are many other services out there that do this same thing, but this site is anonymous, uncluttered, and intuitive–exactly what I wanted at the time.
Looking at the traffic stats today, I’ve found that feedsifter.com managed to become fairly popular while nobody was looking. Over the past 8 months, daily traffic has been steadily increasing and it is fast approaching 2,000 requests per hour. That’s a pleasant surprise and a good indication that I should put some effort into finishing those final few features I never got around to implementing years ago.
Did you know you can trigger a refresh while viewing the source of a page? This feature has been around since the dawn of Firefox 2.0, but it is still unknown to many web professionals.
All the standard keyboard shortcuts work, including the F5 and Ctrl+Shift+R for a cache flush. Give it a try on your favorite dynamic page.
Thanks to Apple shipping everyone’s iPhone to be delivered last Friday, my package tracking website Boxoh.com saw double the number of absolute hits and six times the number of Adsense impressions. That’s a lot of iPhone recipients mashing F5 all day long.
Let’s hope more of them turn into return visitors. I do have several features in the works to help make the site more compelling for regular users and one-timers alike.
As a follow-up to my last post, here are a few tips to help keep you from driving your site users away with misguided password restrictions.
Your tweets may be precious to you, but as a web developer, you should understand the differences between password security for Twitter and for online banking. Consider the monetary and legal damages that to both you and your customers if their account were compromised and plan accordingly.
Since you are properly protecting passwords by only storing a hash, there is no reason to limit characters they use in their passwords. Don’t tell your users they can’t use symbols or start their password with a space if that’s what they want to do. In the end, all you’ll be storing is an alphanumeric hash of the password anyway, so it shouldn’t matter if they send you a bunch of binary gook.
Set reasonable requirements for password rotation. If yours is a high-security system, it is reasonable to require password rotation every few months. In order to prevent abuse, it is even reasonable to check for duplicates against the last N password hashes or all of the hashes used the last few months. Before implementing any password rotation scheme, be sure you’ve visited and revisited #1 above.
Despite the practices of some sites, there is rarely if ever a good reason to keep an unlimited log of every password a person has used, never letting them be reused.
Let’s assume someone really wants into one of your user’s accounts. If they had the capabilities of attempting a blistering 1,000 different passwords per second, here’s how long it would take to try every possible combination:
| Min length | a-z | a-z, A-Z | a-z, A-Z, 0-9 | a-z, A-Z, 0-9, Symbols |
|---|---|---|---|---|
| 6 | 3 days | 225 days | 2 years | 22 years |
| 7 | 90 days | 32 years | 110 years | 2,035 years |
| 8 | 6 years | 1,663 years | 6,814 years | 191,258 years |
| 9 | 166 years | 86 millennia | 422 millennia | 17,978 millennia |
The exponential growth of possible combinations makes password cracking infeasible pretty quickly. Assuming 1,000 attempts per second is ludicrous against a webserver, but assuming your database isn’t compromised, this should be the only means an attacker can brute force an account. The time to compute reaches absolute absurdity after just 8 lowercase characters.
As in character taboos, what do you care if your users have 100 character long passwords? It is reasonable to put a ceiling on password lengths to prevent blatant abuse (perhaps in the neighborhood of 500-1,000 chars), but don’t limit your users to a 12 character password because that’s all your schema can hold.
Remember that you should be hashing passwords and that most hashes produce a fixed-length output no matter the input.
Just a quick note to any developer, site owner, or project manager who is in charge of developing a user login system:
Don’t put unreasonable restrictions on usernames.
It is sensible to prevent people from creating names containing certain characters or names of extreme length. However, some sites go too far by requiring all user names be 7-12 characters in length. Other sites forbid user names that begin with numbers.
A more reasonable approach would be to allow user names from 3 to 16 characters, with a limited set of punctuation allowed, and the first letter cannot be whitespace.
Remember that user names are generally public information so you don’t need to apply the same protections you do to ensure strong passwords. Do the right thing and your users will thank you by not abandoning your account creation form.